1

I am following the post generating and verifying digital signature. The Signed Data remains constant at all runs but Detached Enveloped Signature varies at every run. How the same text generates different Detached Enveloped Signature?

Community
  • 1
  • 1
AVA
  • 2,474
  • 2
  • 26
  • 41
  • This behavior is by design, as there are random parts there. – Eugene Mayevski 'Callback Mar 18 '14 at 14:30
  • Signatures in CMS signature containers fairly often contain a signed signing time attribute. This signing time obviously changes with each run, and (it being a signed attribute) so does the signature. That being said, the post you reference looks a bit fishy: It first signs some text using `signature`, and then wraps the resulting signature bytes in a `CMSTypedData msg` which it signs using the `ContentSigner sha1Signer`. Such an iterated signing most likely makes not sense. – mkl Mar 18 '14 at 15:31

1 Answers1

3

To make the comments an answer...

There are two major reasons why signatures of the same data by the same private key may vary.

Signature algorithm induced variations

Certain signature algorithms, foremost DSA and ECDSA, explicitly base the signature creation on a randomly chosen value k. This "randomness" is required, the entropy, secrecy, and uniqueness of the random signature value k is critical. It is so critical that violating any one of those three requirements can reveal the entire private key to an attacker. Using the same value twice (even while keeping k secret), using a predictable value, or leaking even a few bits of k in each of several signatures, is enough to break the algorithm. The requirement can be fulfilled by an actually random k or by a k built in a deterministic way which also guarantees entropy, secrecy, and uniqueness, cf. RFC 6967.

The OP, though, refers to code which uses RSA. This algorithm does not require such a random parameter (even though padding schemes may include randomness).

Signature attribute induced variations

Another reason for variations is that the signed data include more than just the document data.

When talking about "signatures", often people do not merely mean the signing process byte array output but instead a signature container according to the CMS standard.

There may be multiple individual signatures in such a container, and each of them may have a number of unsigned or signed attributes. As the name "signed attributes" implies, the signature value calculation includes these attributes, too.

Very often these signed attributes include the signing time. As the signing time normally varies in different signing runs, the actual signature value varies, too.

The OP uses CMS signature containers. Thus, most likely this is the cause why the OP's signatures vary.

Community
  • 1
  • 1
mkl
  • 90,588
  • 15
  • 125
  • 265
  • Dear MKL, in java.security.Signature is initialised using private key. Similarly, is there any such process in bouncy castles CMS Signed Data Generation Process! – AVA Mar 19 '14 at 10:41
  • 1
    But there is, and you can see that in that double-signing sample: `ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey);` which is used to generate a `JcaSignerInfoGeneratorBuilder` which in turn is added to the `CMSSignedDataGenerator`. – mkl Mar 19 '14 at 10:46